diff --git a/Chart.yaml b/Chart.yaml
index 995d700..fc1ace5 100644
--- a/Chart.yaml
+++ b/Chart.yaml
@@ -7,4 +7,4 @@ keywords:
 - confidential-containers
 name: trustee
 # DO NOT EDIT VERSION HERE, IT IS AUTO-GENERATED BY SEMANTIC-RELEASE
-version: 0.0.5
+version: 0.1.0
diff --git a/README.md b/README.md
index 43e2e5d..5847fbc 100644
--- a/README.md
+++ b/README.md
@@ -1,6 +1,6 @@
 # trustee
 
-![Version: 0.0.5](https://img.shields.io/badge/Version-0.0.5-informational?style=flat-square)
+![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square)
 
 A Helm chart to provide an opinionated deployment of Trustee in a validated pattern
 
diff --git a/templates/certificate.yaml b/templates/certificate.yaml
new file mode 100644
index 0000000..1c8b2ec
--- /dev/null
+++ b/templates/certificate.yaml
@@ -0,0 +1,18 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: kbs-certificate
+  namespace: imperative
+  annotations:
+    argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
+spec:
+  secretName: kbs-tls-self-signed
+  duration: 8760h # 1 year
+  renewBefore: 720h # 30 days
+  commonName: kbs.{{ .Values.global.hubClusterDomain }}
+  dnsNames:
+  - kbs.{{ .Values.global.hubClusterDomain }}
+  issuerRef:
+    name: kbs-self-signed-issuer
+    kind: Issuer
+
diff --git a/templates/issuer.yaml b/templates/issuer.yaml
new file mode 100644
index 0000000..e64bd30
--- /dev/null
+++ b/templates/issuer.yaml
@@ -0,0 +1,10 @@
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+  name: kbs-self-signed-issuer
+  namespace: imperative
+  annotations:
+    argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
+spec:
+  selfSigned: {}
+